What you need to know about storage in the cloud

Cloud storage benefits are shaping up, but problems remain

By Brian Robinson

Apr 09, 2010

Maybe you don’t need anyone to tell you this, but now might be a good time to start thinking of other places — in the cloud, for example — to store all that electronic data your agency is creating every day.

If Federal Chief Information Officer Vivek Kundra has his way, government agencies won’t be able to keep socking away new data in computer servers and storage devices in their own jealously guarded data centers. The costs of operating those facilities are just too high.

The number of government data centers almost tripled in the past decade, from 432 to 1,100. A big driver in this proliferation is data growth. For example, the Defense Information Systems Agency said the amount of data it manages has grown more than 1,400 percent during the past eight years.

Meanwhile, if changes aren't made, energy consumption by federal servers and data centers will be more than 12 billion kilowatt-hours by 2011, double the amount used in 2006. To make matters worse, the government doesn’t use its data centers anywhere near their maximum capacity.

So, enough is enough, Kundra said. In a memo to federal CIOs Feb. 26, he ordered a governmentwide consolidation of data centers. Agencies have until Aug. 30 to finalize their specific consolidation plans, which will be included in their fiscal 2012 budgets.

One of the initiative’s goals — to shift IT investments to more efficient computing platforms and technologies — seems a direct prod by Kundra for agencies to at least start investigating moving some IT operations to the cloud.

So what about data storage? In the cloud model, agencies would send their data across the Internet or a private network to a storage service provider that owns and operates the storage equipment and charges a monthly fee based on how much data is involved. Because agencies would only pay for what they use, that would get them out of the expensive game of buying enough excess storage capacity for their own data centers to always stay ahead of their data growth curve.

There are few examples of organizations moving large amounts of storage to the cloud. But those that have report good results, and Kundra said agencies should be on the lookout for best practices from the public and private sectors.

For example, General Electric started looking for alternatives after its disk-to-disk-to-tape on-site backup system reached a cost of 50 cents per gigabyte per month. The company is using a new cloud-based backup and archiving service from Nirvanix that reportedly costs 32 cents per gigabyte per month.

However, it's still early in the game for wholesale moves. The number of cloud storage providers is small but growing.

Nevertheless, for data storage, the cloud seems to make sense. But before you make that leap, there are a few things you need to be aware of that will influence what kind of data and how much of your data you can offload to a service provider.

Issue No. 1: Security

This is by far agencies’ No. 1 worry about the cloud — and for good reason. To deliver services as cost efficiently as possible, cloud providers will typically store different customers’ data on shared systems, thereby increasing the use rate of those resources. That cohabitation might be beyond the comfort level of many government IT managers.

Most cloud storage vendors provide security for data in transit on a network from a customer to the cloud. However, cloud customers often take an additional step to protect their data.

“Our largest customers tend to secure their data before we ever see it, relying on proven encryption and key management tools,” said Stephen Foskett, director of consulting at Nirvanix.

Meanwhile, there might be an upside to cloud storage security concerns, said Peter Mell, a senior computer specialist at the National Institute of Standards and Technology's Computer Security Division and lead author on NIST’s upcoming cloud guidance publication.

“The idea there is that if agencies have public facing data [on their systems] and they move them off to the cloud, what’s left is the sensitive data they’ll then have more control over,” he said. “The public won’t go to the agency network so much, so the agency can put more focus on those sensitive areas.”

If the data originates inside the cloud because it was created using a cloud-based application, such as a collaboration or e-mail program, that’s a better scenario because there’s an implicit understanding of the conditions under which the data will reside in the cloud, said Joe Brown, president of Accelera Solutions, an IT solutions provider that specializes in virtualization.

Short of that scenario, Brown advises caution.

“Right now, if the data is sensitive and originates inside the [agency] firewall, moving [it] to the cloud is off limits,” he said.

Issue No. 2: Performance

Putting data in the cloud is not a good option if you can’t get it back in a way that meets your needs. So it is critical to know the bandwidth and access methods that will be available between an agency and storage provider.

Besides determining how fast average performance will be, you need to know how the cloud will handle data transfers at peak loads.

All that will determine what type of data you send to the cloud. For now, many customers find that the cloud operates at least a little slower than agencies’ own internal networks, said Brooke Guthrie, manager of product and business management for CDW Government’s hosting and managed services.

For archival data that users don't need to access often, such as medical images, performance won't likely be a limiting factor.

“But nobody is putting primary storage into the cloud right now,” Guthrie said. “The performance is not really there for day-to-day, transactional data.”

Performance degradation would be minimized if the applications could also be located in the cloud along with the data they use. But not all applications are suited for the cloud, particularly mission-critical ones that agencies naturally prefer to keep close at hand on servers in their own data centers.

Issue No. 3:Records management

Government agencies must follow rules for storing and manipulating digital records, requirements that cloud vendors are just beginning to address.

For example, agencies that want to put data into the cloud need to consider whether a cloud provider can maintain an electronic record’s functionality and integrity throughout its life cycle, the National Archives and Records Administration said in a recent memo.

Agencies also must make sure they can transfer archival records to NARA or delete records according to NARA-approved retention schedules.

Some cloud architectures lack the formal technical standards that govern how data is stored and manipulated, which “threatens the long-term trustworthiness and sustainability of the data,” NARA said.

Agencies are responsible for making sure that the contracts of the cloud vendors they use satisfy NARA’s requirements for specific records management language.

As the cloud services market evolves, those types of features will likely be standard features in vendor offerings. There’s a lot of research and development going on regarding archiving data, said Ted Newman, chief technology officer of EMC Infrastructure Consulting, adding that agencies should be aware of the risks they will take if they make the move now.

“There will be a little bit more of a lock-in [to a specific cloud architecture] given the way that things are being done by vendors now,” he said.

Issue No. 4:Interoperability

One of the big advantages of the cloud for agencies will come in being able to use various providers for different services, on demand. That means the data agencies store in one vendor’s cloud infrastructure must be able to work in another’s.

“It speaks to the need for portability and interoperability,” said David McClure, associate administrator of the General Services Administration’s Office of Citizen Services and Communications. “If you use the cloud, you need to know you can pull the data back.”

In the next few months, GSA is expected to announce a request for quotations for services such as cloud storage from providers that agencies can acquire through an online storefront set up by GSA.

That interoperability might not be a problem for things such as an Oracle database, for example, because it has widely understood structures that vendors will likely implement the same way. However, can the same be said for a more customized platform?

“That’s when you get into the more proprietary side of things,” said Doug Chabot, vice president and principal solutions architect at QinetiQ North America’s Mission Solutions Group.

It means an agency must sit down and understand how data transfers will happen with the cloud providers they use because that speaks directly to the issue of data integrity, said Venkatapathi Puvvada, vice president and managing partner of Unisys’ Federal Horizontal Services.

“The industry still has not figured out what the standards are for that yet,” he said.

That is not an insurmountable challenge, Chabot said. An agency could use special software links that bridge different system interfaces.

If it sounds like using cloud storage will be a lot of work for agencies, that’s because it will be, at least for now. However, many smart companies are figuring out how they can, as specialists, deliver storage capacity for less money than it costs an IT generalist, such as a government agency, to provide the same.

By all accounts, vendors are succeeding on the cost front. As they resolve those other concerns, the road to cloud storage and its benefits will become more clear.